We help IT Professionals succeed at work.

TLS Tunnel from Ironport to another Exchange Server

davidmgordillo used Ask the Experts™
How we can setup a TLS tunnel from our ironport over the internet to another companies exchange server? I'd like to know how to do both sides.


Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
create the SMTP receive /send connectors on the exch. HTs that will handle mail to and from the Iron ports?

They should have TLS enabled by default. They will offer Opportunistic TLS on the Internet receive connector and will send TLS if its offered by the Ironport.

You can verify this by doing a get command for the connectors and checking the auth methods.

More info:



ironport administration guide is not publicly available, it will have instructions to set the ironport side


Thank you for the info.

Regarding IronPort, I spoke with a Cisco Rep and the additional step that need to be done is go to Mailbox Policies inside of the IronPort and under Destination Controls add the domain or the MX record of the domain that you want to do TLS with.  

Another thing to do is make sure that Mailbox Destination Policy is set to: TLS Preffered. This feature is not enabled on default.